Add snyk ignore vulnerabilitywq file

DFE-Digital · Jul 14, 2023 · 1df6fd1 · 1df6fd1
1 parent 1b63064
commit 1df6fd1
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 1 deletion.
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -194,7 +194,7 @@ jobs:
           SNYK_TOKEN: ${{ steps.keyvault-yaml-secret.outputs.SNYK-TOKEN }}
         with:
           image: ${{needs.build.outputs.DOCKER_IMAGE}}
-          args: --severity-threshold=high --file=Dockerfile
+          args: --severity-threshold=high --file=Dockerfile --policy-path=/project/.snyk
 
       - name: Run Brakeman static security scanner
         run: docker run -t --rm -e RAILS_ENV=test ${{needs.build.outputs.DOCKER_IMAGE}}  brakeman

diff --git a/Dockerfile b/Dockerfile
@@ -34,6 +34,9 @@ RUN apk add --no-cache gmp=6.2.1-r1 libretls=3.3.4-r3
 COPY script/docker-entrypoint.sh .
 RUN chmod +x /app/docker-entrypoint.sh
 
+# add snyk ignore list
+COPY .snyk /
+
 # install NPM packages removign artifacts
 COPY package.json yarn.lock ./
 RUN yarn install && yarn cache clean